MidnightBSD

Advisories for kame

CVE-2004-0155 HIGH

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kame racoon *
CVE-2004-0164 MEDIUM

KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kame racoon all_versions
CVE-2004-0392 MEDIUM

racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kame racoon *
CVE-2004-0403 MEDIUM

Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kame racoon *
CVE-2004-0607 HIGH

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ipsec-tools ipsec-tools 0.3_rc2
kame racoon *
ipsec-tools ipsec-tools 0.3_rc5
ipsec-tools ipsec-tools 0.3
ipsec-tools ipsec-tools 0.3_rc4
kame racoon 2004-04-05
kame racoon 2004-04-07b
redhat enterprise_linux 3.0
kame racoon 2003-07-11
ipsec-tools ipsec-tools 0.3_rc3
kame racoon 2004-05-03
ipsec-tools ipsec-tools 0.3.1
ipsec-tools ipsec-tools 0.3.2
redhat enterprise_linux_desktop 3.0
ipsec-tools ipsec-tools 0.3_rc1
CVE-2005-0398 MEDIUM

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kame racoon 2005-02-14
kame racoon 2005-02-28
kame racoon 2004-04-07b
redhat enterprise_linux 4.0
redhat enterprise_linux 3.0
kame racoon 2003-07-11
suse suse_linux 9.1
suse suse_linux 9.2
altlinux alt_linux 2.3
ipsec-tools ipsec-tools 0.3.3
kame racoon 2004-05-03
ipsec-tools ipsec-tools 0.5
redhat enterprise_linux_desktop 4.0
kame racoon 2005-03-07
kame racoon 2005-01-24
kame racoon 2005-01-10
kame racoon 2005-02-07
kame racoon 2004-04-05
sgi propack 3.0
kame racoon 2005-01-31
kame racoon 2005-01-03
kame racoon 2005-01-17
suse suse_linux *
redhat enterprise_linux_desktop 3.0
kame racoon 2005-02-21
CVE-2008-0177 HIGH

The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kame ipcomp *
CVE-2008-2464 HIGH

The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
freebsd freebsd *
kame kame *
netbsd netbsd 4.0